Date: Mon, 25 Sep 2000 10:58:18 -0400 From: "Troy Settle" <troy@psknet.com> To: <treif1@netaxs.com>, <freebsd-questions@FreeBSD.ORG> Subject: tarpitting bad HTTP requests (WAS: RE: question) Message-ID: <BFEGKDHLHDNOJEIHJDBACECFCAAA.troy@psknet.com> In-Reply-To: <39CF6209.5AAD0F8D@reif.cncdsl.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I've not tested this myself, but you might have good luck with using the ErrorDocument directive to redirect to either a cgi script or just your main page. ErrorDocument 401 /index.html or ErrorDocuemnt 401 /cgi-bin/tarpit.pl If you opt for the cgi idea, you can then use a perl or other script to do your tar pitting. But, before you make this effort, make sure that this will do what you expect. I assume that you've actually examined the logs to see that the /same/ host is sending several bad requests in rapid succession? G'luck, -- Troy Settle Pulaski Networks 540.994.4254 It's always a long day, 86400 doesn't fit into a short > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of webmaster > Sent: Monday, September 25, 2000 10:33 AM > To: freebsd-questions@FreeBSD.ORG > Subject: question > > > I have searched extensively for info on this subject and > have found nothing. I admin a server which gets allot of > bad requests daily. In fact, it has over 400 meg in bad > log files daily. > > I asked a real Unix guru about the problem and he recommended > using tar pitting. The idea is that every time a bad request > is generated by an I.P. the time the server takes to respond is > increased. > Example: > Bad request #1. server answers with 401 error in 1 second > Bad request #1. server answers with 401 error in 2 seconds > Bad request #1. server answers with 401 error in 4 seconds > > This sounds like the perfect answer to many problems with > a variety of server attacks. The problem is I can only find > info on the subject relating to spam mail and sendmail. > Any help would be extremely appreciated. > > Thanks in advance for your time. > Terry Reifsnyder > > Please RE: treif1@netaxs.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BFEGKDHLHDNOJEIHJDBACECFCAAA.troy>